1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _SYS_CRYPTO_OPS_IMPL_H
27 #define	_SYS_CRYPTO_OPS_IMPL_H
28 
29 /*
30  * Scheduler internal structures.
31  */
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 #include <sys/types.h>
38 #include <sys/mutex.h>
39 #include <sys/condvar.h>
40 #include <sys/crypto/api.h>
41 #include <sys/crypto/spi.h>
42 #include <sys/crypto/impl.h>
43 #include <sys/crypto/common.h>
44 
45 /*
46  * The parameters needed for each function group are batched
47  * in one structure. This is much simpler than having a
48  * separate structure for each function.
49  *
50  * In some cases, a field is generically named to keep the
51  * structure small. The comments indicate these cases.
52  */
53 typedef struct kcf_digest_ops_params {
54 	crypto_session_id_t	do_sid;
55 	crypto_mech_type_t	do_framework_mechtype;
56 	crypto_mechanism_t	do_mech;
57 	crypto_data_t		*do_data;
58 	crypto_data_t		*do_digest;
59 	crypto_key_t		*do_digest_key;	/* Argument for digest_key() */
60 } kcf_digest_ops_params_t;
61 
62 typedef struct kcf_mac_ops_params {
63 	crypto_session_id_t		mo_sid;
64 	crypto_mech_type_t		mo_framework_mechtype;
65 	crypto_mechanism_t		mo_mech;
66 	crypto_key_t			*mo_key;
67 	crypto_data_t			*mo_data;
68 	crypto_data_t			*mo_mac;
69 	crypto_spi_ctx_template_t	mo_templ;
70 } kcf_mac_ops_params_t;
71 
72 typedef struct kcf_encrypt_ops_params {
73 	crypto_session_id_t		eo_sid;
74 	crypto_mech_type_t		eo_framework_mechtype;
75 	crypto_mechanism_t		eo_mech;
76 	crypto_key_t			*eo_key;
77 	crypto_data_t			*eo_plaintext;
78 	crypto_data_t			*eo_ciphertext;
79 	crypto_spi_ctx_template_t	eo_templ;
80 } kcf_encrypt_ops_params_t;
81 
82 typedef struct kcf_decrypt_ops_params {
83 	crypto_session_id_t		dop_sid;
84 	crypto_mech_type_t		dop_framework_mechtype;
85 	crypto_mechanism_t		dop_mech;
86 	crypto_key_t			*dop_key;
87 	crypto_data_t			*dop_ciphertext;
88 	crypto_data_t			*dop_plaintext;
89 	crypto_spi_ctx_template_t	dop_templ;
90 } kcf_decrypt_ops_params_t;
91 
92 typedef struct kcf_sign_ops_params {
93 	crypto_session_id_t		so_sid;
94 	crypto_mech_type_t		so_framework_mechtype;
95 	crypto_mechanism_t		so_mech;
96 	crypto_key_t			*so_key;
97 	crypto_data_t			*so_data;
98 	crypto_data_t			*so_signature;
99 	crypto_spi_ctx_template_t	so_templ;
100 } kcf_sign_ops_params_t;
101 
102 typedef struct kcf_verify_ops_params {
103 	crypto_session_id_t		vo_sid;
104 	crypto_mech_type_t		vo_framework_mechtype;
105 	crypto_mechanism_t		vo_mech;
106 	crypto_key_t			*vo_key;
107 	crypto_data_t			*vo_data;
108 	crypto_data_t			*vo_signature;
109 	crypto_spi_ctx_template_t	vo_templ;
110 } kcf_verify_ops_params_t;
111 
112 typedef struct kcf_encrypt_mac_ops_params {
113 	crypto_session_id_t 		em_sid;
114 	crypto_mech_type_t		em_framework_encr_mechtype;
115 	crypto_mechanism_t		em_encr_mech;
116 	crypto_key_t			*em_encr_key;
117 	crypto_mech_type_t		em_framework_mac_mechtype;
118 	crypto_mechanism_t		em_mac_mech;
119 	crypto_key_t			*em_mac_key;
120 	crypto_data_t			*em_plaintext;
121 	crypto_dual_data_t		*em_ciphertext;
122 	crypto_data_t			*em_mac;
123 	crypto_spi_ctx_template_t	em_encr_templ;
124 	crypto_spi_ctx_template_t	em_mac_templ;
125 } kcf_encrypt_mac_ops_params_t;
126 
127 typedef struct kcf_mac_decrypt_ops_params {
128 	crypto_session_id_t 		md_sid;
129 	crypto_mech_type_t		md_framework_mac_mechtype;
130 	crypto_mechanism_t		md_mac_mech;
131 	crypto_key_t			*md_mac_key;
132 	crypto_mech_type_t		md_framework_decr_mechtype;
133 	crypto_mechanism_t		md_decr_mech;
134 	crypto_key_t			*md_decr_key;
135 	crypto_dual_data_t		*md_ciphertext;
136 	crypto_data_t			*md_mac;
137 	crypto_data_t			*md_plaintext;
138 	crypto_spi_ctx_template_t	md_mac_templ;
139 	crypto_spi_ctx_template_t	md_decr_templ;
140 } kcf_mac_decrypt_ops_params_t;
141 
142 typedef struct kcf_random_number_ops_params {
143 	crypto_session_id_t	rn_sid;
144 	uchar_t			*rn_buf;
145 	size_t			rn_buflen;
146 	uint_t			rn_entropy_est;
147 	uint32_t		rn_flags;
148 } kcf_random_number_ops_params_t;
149 
150 /*
151  * so_pd is useful when the provider descriptor (pd) supplying the
152  * provider handle is different from the pd supplying the ops vector.
153  * This is the case for session open/close where so_pd can be the pd
154  * of a logical provider. The pd supplying the ops vector is passed
155  * as an argument to kcf_submit_request().
156  */
157 typedef struct kcf_session_ops_params {
158 	crypto_session_id_t	*so_sid_ptr;
159 	crypto_session_id_t	so_sid;
160 	crypto_user_type_t	so_user_type;
161 	char			*so_pin;
162 	size_t			so_pin_len;
163 	kcf_provider_desc_t	*so_pd;
164 } kcf_session_ops_params_t;
165 
166 typedef struct kcf_object_ops_params {
167 	crypto_session_id_t		oo_sid;
168 	crypto_object_id_t		oo_object_id;
169 	crypto_object_attribute_t	*oo_template;
170 	uint_t 				oo_attribute_count;
171 	crypto_object_id_t		*oo_object_id_ptr;
172 	size_t				*oo_object_size;
173 	void				**oo_find_init_pp_ptr;
174 	void				*oo_find_pp;
175 	uint_t				oo_max_object_count;
176 	uint_t				*oo_object_count_ptr;
177 } kcf_object_ops_params_t;
178 
179 /*
180  * ko_key is used to encode wrapping key in key_wrap() and
181  * unwrapping key in key_unwrap(). ko_key_template and
182  * ko_key_attribute_count are used to encode public template
183  * and public template attr count in key_generate_pair().
184  * kops->ko_key_object_id_ptr is used to encode public key
185  * in key_generate_pair().
186  */
187 typedef struct kcf_key_ops_params {
188 	crypto_session_id_t		ko_sid;
189 	crypto_mech_type_t		ko_framework_mechtype;
190 	crypto_mechanism_t		ko_mech;
191 	crypto_object_attribute_t	*ko_key_template;
192 	uint_t				ko_key_attribute_count;
193 	crypto_object_id_t		*ko_key_object_id_ptr;
194 	crypto_object_attribute_t	*ko_private_key_template;
195 	uint_t				ko_private_key_attribute_count;
196 	crypto_object_id_t		*ko_private_key_object_id_ptr;
197 	crypto_key_t			*ko_key;
198 	uchar_t				*ko_wrapped_key;
199 	size_t				*ko_wrapped_key_len_ptr;
200 	crypto_object_attribute_t	*ko_out_template1;
201 	crypto_object_attribute_t	*ko_out_template2;
202 	uint_t				ko_out_attribute_count1;
203 	uint_t				ko_out_attribute_count2;
204 } kcf_key_ops_params_t;
205 
206 /*
207  * po_pin and po_pin_len are used to encode new_pin and new_pin_len
208  * when wrapping set_pin() function parameters.
209  *
210  * po_pd is useful when the provider descriptor (pd) supplying the
211  * provider handle is different from the pd supplying the ops vector.
212  * This is true for the ext_info provider entry point where po_pd
213  * can be the pd of a logical provider. The pd supplying the ops vector
214  * is passed as an argument to kcf_submit_request().
215  */
216 typedef struct kcf_provmgmt_ops_params {
217 	crypto_session_id_t 		po_sid;
218 	char				*po_pin;
219 	size_t				po_pin_len;
220 	char				*po_old_pin;
221 	size_t				po_old_pin_len;
222 	char				*po_label;
223 	crypto_provider_ext_info_t	*po_ext_info;
224 	kcf_provider_desc_t		*po_pd;
225 } kcf_provmgmt_ops_params_t;
226 
227 /*
228  * The operation type within a function group.
229  */
230 typedef enum kcf_op_type {
231 	/* common ops for all mechanisms */
232 	KCF_OP_INIT = 1,
233 	KCF_OP_SINGLE,	/* pkcs11 sense. So, INIT is already done */
234 	KCF_OP_UPDATE,
235 	KCF_OP_FINAL,
236 	KCF_OP_ATOMIC,
237 
238 	/* digest_key op */
239 	KCF_OP_DIGEST_KEY,
240 
241 	/* mac specific op */
242 	KCF_OP_MAC_VERIFY_ATOMIC,
243 
244 	/* mac/cipher specific op */
245 	KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC,
246 
247 	/* sign_recover ops */
248 	KCF_OP_SIGN_RECOVER_INIT,
249 	KCF_OP_SIGN_RECOVER,
250 	KCF_OP_SIGN_RECOVER_ATOMIC,
251 
252 	/* verify_recover ops */
253 	KCF_OP_VERIFY_RECOVER_INIT,
254 	KCF_OP_VERIFY_RECOVER,
255 	KCF_OP_VERIFY_RECOVER_ATOMIC,
256 
257 	/* random number ops */
258 	KCF_OP_RANDOM_SEED,
259 	KCF_OP_RANDOM_GENERATE,
260 
261 	/* session management ops */
262 	KCF_OP_SESSION_OPEN,
263 	KCF_OP_SESSION_CLOSE,
264 	KCF_OP_SESSION_LOGIN,
265 	KCF_OP_SESSION_LOGOUT,
266 
267 	/* object management ops */
268 	KCF_OP_OBJECT_CREATE,
269 	KCF_OP_OBJECT_COPY,
270 	KCF_OP_OBJECT_DESTROY,
271 	KCF_OP_OBJECT_GET_SIZE,
272 	KCF_OP_OBJECT_GET_ATTRIBUTE_VALUE,
273 	KCF_OP_OBJECT_SET_ATTRIBUTE_VALUE,
274 	KCF_OP_OBJECT_FIND_INIT,
275 	KCF_OP_OBJECT_FIND,
276 	KCF_OP_OBJECT_FIND_FINAL,
277 
278 	/* key management ops */
279 	KCF_OP_KEY_GENERATE,
280 	KCF_OP_KEY_GENERATE_PAIR,
281 	KCF_OP_KEY_WRAP,
282 	KCF_OP_KEY_UNWRAP,
283 	KCF_OP_KEY_DERIVE,
284 	KCF_OP_KEY_CHECK,
285 
286 	/* provider management ops */
287 	KCF_OP_MGMT_EXTINFO,
288 	KCF_OP_MGMT_INITTOKEN,
289 	KCF_OP_MGMT_INITPIN,
290 	KCF_OP_MGMT_SETPIN
291 } kcf_op_type_t;
292 
293 /*
294  * The operation groups that need wrapping of parameters. This is somewhat
295  * similar to the function group type in spi.h except that this also includes
296  * all the functions that don't have a mechanism.
297  *
298  * The wrapper macros should never take these enum values as an argument.
299  * Rather, they are assigned in the macro itself since they are known
300  * from the macro name.
301  */
302 typedef enum kcf_op_group {
303 	KCF_OG_DIGEST = 1,
304 	KCF_OG_MAC,
305 	KCF_OG_ENCRYPT,
306 	KCF_OG_DECRYPT,
307 	KCF_OG_SIGN,
308 	KCF_OG_VERIFY,
309 	KCF_OG_ENCRYPT_MAC,
310 	KCF_OG_MAC_DECRYPT,
311 	KCF_OG_RANDOM,
312 	KCF_OG_SESSION,
313 	KCF_OG_OBJECT,
314 	KCF_OG_KEY,
315 	KCF_OG_PROVMGMT,
316 	KCF_OG_NOSTORE_KEY
317 } kcf_op_group_t;
318 
319 /*
320  * The kcf_op_type_t enum values used here should be only for those
321  * operations for which there is a k-api routine in sys/crypto/api.h.
322  */
323 #define	IS_INIT_OP(ftype)	((ftype) == KCF_OP_INIT)
324 #define	IS_SINGLE_OP(ftype)	((ftype) == KCF_OP_SINGLE)
325 #define	IS_UPDATE_OP(ftype)	((ftype) == KCF_OP_UPDATE)
326 #define	IS_FINAL_OP(ftype)	((ftype) == KCF_OP_FINAL)
327 #define	IS_ATOMIC_OP(ftype)	( \
328 	(ftype) == KCF_OP_ATOMIC || (ftype) == KCF_OP_MAC_VERIFY_ATOMIC || \
329 	(ftype) == KCF_OP_MAC_VERIFY_DECRYPT_ATOMIC || \
330 	(ftype) == KCF_OP_SIGN_RECOVER_ATOMIC || \
331 	(ftype) == KCF_OP_VERIFY_RECOVER_ATOMIC)
332 
333 /*
334  * Keep the parameters associated with a request around.
335  * We need to pass them to the SPI.
336  */
337 typedef struct kcf_req_params {
338 	kcf_op_group_t		rp_opgrp;
339 	kcf_op_type_t		rp_optype;
340 
341 	union {
342 		kcf_digest_ops_params_t		digest_params;
343 		kcf_mac_ops_params_t		mac_params;
344 		kcf_encrypt_ops_params_t	encrypt_params;
345 		kcf_decrypt_ops_params_t	decrypt_params;
346 		kcf_sign_ops_params_t		sign_params;
347 		kcf_verify_ops_params_t		verify_params;
348 		kcf_encrypt_mac_ops_params_t	encrypt_mac_params;
349 		kcf_mac_decrypt_ops_params_t	mac_decrypt_params;
350 		kcf_random_number_ops_params_t	random_number_params;
351 		kcf_session_ops_params_t	session_params;
352 		kcf_object_ops_params_t		object_params;
353 		kcf_key_ops_params_t		key_params;
354 		kcf_provmgmt_ops_params_t	provmgmt_params;
355 	} rp_u;
356 } kcf_req_params_t;
357 
358 
359 /*
360  * The ioctl/k-api code should bundle the parameters into a kcf_req_params_t
361  * structure before calling a scheduler routine. The following macros are
362  * available for that purpose.
363  *
364  * For the most part, the macro arguments closely correspond to the
365  * function parameters. In some cases, we use generic names. The comments
366  * for the structure should indicate these cases.
367  */
368 #define	KCF_WRAP_DIGEST_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
369 	_data, _digest) {						\
370 	kcf_digest_ops_params_t *dops = &(req)->rp_u.digest_params;	\
371 	crypto_mechanism_t *mechp = _mech;				\
372 									\
373 	(req)->rp_opgrp = KCF_OG_DIGEST;				\
374 	(req)->rp_optype = ftype;					\
375 	dops->do_sid = _sid;						\
376 	if (mechp != NULL) {						\
377 		dops->do_mech = *mechp;					\
378 		dops->do_framework_mechtype = mechp->cm_type;		\
379 	}								\
380 	dops->do_digest_key = _key;					\
381 	dops->do_data = _data;						\
382 	dops->do_digest = _digest;					\
383 }
384 
385 #define	KCF_WRAP_MAC_OPS_PARAMS(req, ftype, _sid, _mech, _key,		\
386 	_data, _mac, _templ) {						\
387 	kcf_mac_ops_params_t *mops = &(req)->rp_u.mac_params;		\
388 	crypto_mechanism_t *mechp = _mech;				\
389 									\
390 	(req)->rp_opgrp = KCF_OG_MAC;					\
391 	(req)->rp_optype = ftype;					\
392 	mops->mo_sid = _sid;						\
393 	if (mechp != NULL) {						\
394 		mops->mo_mech = *mechp;					\
395 		mops->mo_framework_mechtype = mechp->cm_type;		\
396 	}								\
397 	mops->mo_key = _key;						\
398 	mops->mo_data = _data;						\
399 	mops->mo_mac = _mac;						\
400 	mops->mo_templ = _templ;					\
401 }
402 
403 #define	KCF_WRAP_ENCRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
404 	_plaintext, _ciphertext, _templ) {				\
405 	kcf_encrypt_ops_params_t *cops = &(req)->rp_u.encrypt_params;	\
406 	crypto_mechanism_t *mechp = _mech;				\
407 									\
408 	(req)->rp_opgrp = KCF_OG_ENCRYPT;				\
409 	(req)->rp_optype = ftype;					\
410 	cops->eo_sid = _sid;						\
411 	if (mechp != NULL) {						\
412 		cops->eo_mech = *mechp;					\
413 		cops->eo_framework_mechtype = mechp->cm_type;		\
414 	}								\
415 	cops->eo_key = _key;						\
416 	cops->eo_plaintext = _plaintext;				\
417 	cops->eo_ciphertext = _ciphertext;				\
418 	cops->eo_templ = _templ;					\
419 }
420 
421 #define	KCF_WRAP_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
422 	_ciphertext, _plaintext, _templ) {				\
423 	kcf_decrypt_ops_params_t *cops = &(req)->rp_u.decrypt_params;	\
424 	crypto_mechanism_t *mechp = _mech;				\
425 									\
426 	(req)->rp_opgrp = KCF_OG_DECRYPT;				\
427 	(req)->rp_optype = ftype;					\
428 	cops->dop_sid = _sid;						\
429 	if (mechp != NULL) {						\
430 		cops->dop_mech = *mechp;				\
431 		cops->dop_framework_mechtype = mechp->cm_type;		\
432 	}								\
433 	cops->dop_key = _key;						\
434 	cops->dop_ciphertext = _ciphertext;				\
435 	cops->dop_plaintext = _plaintext;				\
436 	cops->dop_templ = _templ;					\
437 }
438 
439 #define	KCF_WRAP_SIGN_OPS_PARAMS(req, ftype, _sid, _mech, _key,		\
440 	_data, _signature, _templ) {					\
441 	kcf_sign_ops_params_t *sops = &(req)->rp_u.sign_params;		\
442 	crypto_mechanism_t *mechp = _mech;				\
443 									\
444 	(req)->rp_opgrp = KCF_OG_SIGN;					\
445 	(req)->rp_optype = ftype;					\
446 	sops->so_sid = _sid;						\
447 	if (mechp != NULL) {						\
448 		sops->so_mech = *mechp;					\
449 		sops->so_framework_mechtype = mechp->cm_type;		\
450 	}								\
451 	sops->so_key = _key;						\
452 	sops->so_data = _data;						\
453 	sops->so_signature = _signature;				\
454 	sops->so_templ = _templ;					\
455 }
456 
457 #define	KCF_WRAP_VERIFY_OPS_PARAMS(req, ftype, _sid, _mech, _key,	\
458 	_data, _signature, _templ) {					\
459 	kcf_verify_ops_params_t *vops = &(req)->rp_u.verify_params;	\
460 	crypto_mechanism_t *mechp = _mech;				\
461 									\
462 	(req)->rp_opgrp = KCF_OG_VERIFY;				\
463 	(req)->rp_optype = ftype;					\
464 	vops->vo_sid = _sid;						\
465 	if (mechp != NULL) {						\
466 		vops->vo_mech = *mechp;					\
467 		vops->vo_framework_mechtype = mechp->cm_type;		\
468 	}								\
469 	vops->vo_key = _key;						\
470 	vops->vo_data = _data;						\
471 	vops->vo_signature = _signature;				\
472 	vops->vo_templ = _templ;					\
473 }
474 
475 #define	KCF_WRAP_ENCRYPT_MAC_OPS_PARAMS(req, ftype, _sid, _encr_key,	\
476 	_mac_key, _plaintext, _ciphertext, _mac, _encr_templ, _mac_templ) { \
477 	kcf_encrypt_mac_ops_params_t *cmops = &(req)->rp_u.encrypt_mac_params; \
478 									\
479 	(req)->rp_opgrp = KCF_OG_ENCRYPT_MAC;				\
480 	(req)->rp_optype = ftype;					\
481 	cmops->em_sid = _sid;						\
482 	cmops->em_encr_key = _encr_key;					\
483 	cmops->em_mac_key = _mac_key;					\
484 	cmops->em_plaintext = _plaintext;				\
485 	cmops->em_ciphertext = _ciphertext;				\
486 	cmops->em_mac = _mac;						\
487 	cmops->em_encr_templ = _encr_templ;				\
488 	cmops->em_mac_templ = _mac_templ;				\
489 }
490 
491 #define	KCF_WRAP_MAC_DECRYPT_OPS_PARAMS(req, ftype, _sid, _mac_key,	\
492 	_decr_key, _ciphertext, _mac, _plaintext, _mac_templ, _decr_templ) { \
493 	kcf_mac_decrypt_ops_params_t *cmops = &(req)->rp_u.mac_decrypt_params; \
494 									\
495 	(req)->rp_opgrp = KCF_OG_MAC_DECRYPT;				\
496 	(req)->rp_optype = ftype;					\
497 	cmops->md_sid = _sid;						\
498 	cmops->md_mac_key = _mac_key;					\
499 	cmops->md_decr_key = _decr_key;					\
500 	cmops->md_ciphertext = _ciphertext;				\
501 	cmops->md_mac = _mac;						\
502 	cmops->md_plaintext = _plaintext;				\
503 	cmops->md_mac_templ = _mac_templ;				\
504 	cmops->md_decr_templ = _decr_templ;				\
505 }
506 
507 #define	KCF_WRAP_RANDOM_OPS_PARAMS(req, ftype, _sid, _buf, _buflen,	\
508 	_est, _flags) {							\
509 	kcf_random_number_ops_params_t *rops =				\
510 		&(req)->rp_u.random_number_params;			\
511 									\
512 	(req)->rp_opgrp = KCF_OG_RANDOM;				\
513 	(req)->rp_optype = ftype;					\
514 	rops->rn_sid = _sid;						\
515 	rops->rn_buf = _buf;						\
516 	rops->rn_buflen = _buflen;					\
517 	rops->rn_entropy_est = _est;					\
518 	rops->rn_flags = _flags;					\
519 }
520 
521 #define	KCF_WRAP_SESSION_OPS_PARAMS(req, ftype, _sid_ptr, _sid,		\
522 	_user_type, _pin, _pin_len, _pd) {				\
523 	kcf_session_ops_params_t *sops = &(req)->rp_u.session_params;	\
524 									\
525 	(req)->rp_opgrp = KCF_OG_SESSION;				\
526 	(req)->rp_optype = ftype;					\
527 	sops->so_sid_ptr = _sid_ptr;					\
528 	sops->so_sid = _sid;						\
529 	sops->so_user_type = _user_type;				\
530 	sops->so_pin = _pin;						\
531 	sops->so_pin_len = _pin_len;					\
532 	sops->so_pd = _pd;						\
533 }
534 
535 #define	KCF_WRAP_OBJECT_OPS_PARAMS(req, ftype, _sid, _object_id,	\
536 	_template, _attribute_count, _object_id_ptr, _object_size,	\
537 	_find_init_pp_ptr, _find_pp, _max_object_count, _object_count_ptr) { \
538 	kcf_object_ops_params_t *jops = &(req)->rp_u.object_params;	\
539 									\
540 	(req)->rp_opgrp = KCF_OG_OBJECT;				\
541 	(req)->rp_optype = ftype;					\
542 	jops->oo_sid = _sid;						\
543 	jops->oo_object_id = _object_id;				\
544 	jops->oo_template = _template;					\
545 	jops->oo_attribute_count = _attribute_count;			\
546 	jops->oo_object_id_ptr = _object_id_ptr;			\
547 	jops->oo_object_size = _object_size;				\
548 	jops->oo_find_init_pp_ptr = _find_init_pp_ptr;			\
549 	jops->oo_find_pp = _find_pp;					\
550 	jops->oo_max_object_count = _max_object_count;			\
551 	jops->oo_object_count_ptr = _object_count_ptr;			\
552 }
553 
554 #define	KCF_WRAP_KEY_OPS_PARAMS(req, ftype, _sid, _mech, _key_template, \
555 	_key_attribute_count, _key_object_id_ptr, _private_key_template, \
556 	_private_key_attribute_count, _private_key_object_id_ptr,	\
557 	_key, _wrapped_key, _wrapped_key_len_ptr) {			\
558 	kcf_key_ops_params_t *kops = &(req)->rp_u.key_params;		\
559 	crypto_mechanism_t *mechp = _mech;				\
560 									\
561 	(req)->rp_opgrp = KCF_OG_KEY;					\
562 	(req)->rp_optype = ftype;					\
563 	kops->ko_sid = _sid;						\
564 	if (mechp != NULL) {						\
565 		kops->ko_mech = *mechp;					\
566 		kops->ko_framework_mechtype = mechp->cm_type;		\
567 	}								\
568 	kops->ko_key_template = _key_template;				\
569 	kops->ko_key_attribute_count = _key_attribute_count;		\
570 	kops->ko_key_object_id_ptr = _key_object_id_ptr;		\
571 	kops->ko_private_key_template = _private_key_template;		\
572 	kops->ko_private_key_attribute_count = _private_key_attribute_count; \
573 	kops->ko_private_key_object_id_ptr = _private_key_object_id_ptr; \
574 	kops->ko_key = _key;						\
575 	kops->ko_wrapped_key = _wrapped_key;				\
576 	kops->ko_wrapped_key_len_ptr = _wrapped_key_len_ptr;		\
577 }
578 
579 #define	KCF_WRAP_PROVMGMT_OPS_PARAMS(req, ftype, _sid, _old_pin,	\
580 	_old_pin_len, _pin, _pin_len, _label, _ext_info, _pd) {		\
581 	kcf_provmgmt_ops_params_t *pops = &(req)->rp_u.provmgmt_params;	\
582 									\
583 	(req)->rp_opgrp = KCF_OG_PROVMGMT;				\
584 	(req)->rp_optype = ftype;					\
585 	pops->po_sid = _sid;						\
586 	pops->po_pin = _pin;						\
587 	pops->po_pin_len = _pin_len;					\
588 	pops->po_old_pin = _old_pin;					\
589 	pops->po_old_pin_len = _old_pin_len;				\
590 	pops->po_label = _label;					\
591 	pops->po_ext_info = _ext_info;					\
592 	pops->po_pd = _pd;						\
593 }
594 
595 #define	KCF_WRAP_NOSTORE_KEY_OPS_PARAMS(req, ftype, _sid, _mech,	\
596 	_key_template, _key_attribute_count, _private_key_template,	\
597 	_private_key_attribute_count, _key, _out_template1,		\
598 	_out_attribute_count1, _out_template2, _out_attribute_count2) {	\
599 	kcf_key_ops_params_t *kops = &(req)->rp_u.key_params;		\
600 	crypto_mechanism_t *mechp = _mech;				\
601 									\
602 	(req)->rp_opgrp = KCF_OG_NOSTORE_KEY;				\
603 	(req)->rp_optype = ftype;					\
604 	kops->ko_sid = _sid;						\
605 	if (mechp != NULL) {						\
606 		kops->ko_mech = *mechp;					\
607 		kops->ko_framework_mechtype = mechp->cm_type;		\
608 	}								\
609 	kops->ko_key_template = _key_template;				\
610 	kops->ko_key_attribute_count = _key_attribute_count;		\
611 	kops->ko_key_object_id_ptr = NULL;				\
612 	kops->ko_private_key_template = _private_key_template;		\
613 	kops->ko_private_key_attribute_count = _private_key_attribute_count; \
614 	kops->ko_private_key_object_id_ptr = NULL;			\
615 	kops->ko_key = _key;						\
616 	kops->ko_wrapped_key = NULL;					\
617 	kops->ko_wrapped_key_len_ptr = 0;				\
618 	kops->ko_out_template1 = _out_template1;			\
619 	kops->ko_out_template2 = _out_template2;			\
620 	kops->ko_out_attribute_count1 = _out_attribute_count1;		\
621 	kops->ko_out_attribute_count2 = _out_attribute_count2;		\
622 }
623 
624 #define	KCF_SET_PROVIDER_MECHNUM(fmtype, pd, mechp)			\
625 	(mechp)->cm_type =						\
626 	    KCF_TO_PROV_MECHNUM(pd, fmtype);
627 
628 #ifdef __cplusplus
629 }
630 #endif
631 
632 #endif /* _SYS_CRYPTO_OPS_IMPL_H */
633